Updates to session revoking in v4 (#7565)

author: Joram Wilander <jwawilander@gmail.com> 2017-10-04 11:04:17 -0400
committer: GitHub <noreply@github.com> 2017-10-04 11:04:17 -0400
commit: affd35071ea155069979fd359726296de8aa6aaf (patch)
tree: d6810c7a9356ceb3ff5bbb293f1b8756906d1d45 /api4/user.go
parent: 3e144f82e29e566b3cf1615c19b4ddc6dc7e4694 (diff)
download: chat-affd35071ea155069979fd359726296de8aa6aaf.tar.gz
chat-affd35071ea155069979fd359726296de8aa6aaf.tar.bz2
chat-affd35071ea155069979fd359726296de8aa6aaf.zip
1 files changed, 13 insertions, 1 deletions
diff --git a/api4/user.go b/api4/user.go
index 97f79cf6f..e46ded670 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -926,7 +926,19 @@ func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if err := c.App.RevokeSessionById(sessionId); err != nil {
+	var session *model.Session
+	var err *model.AppError
+	if session, err = c.App.GetSessionById(sessionId); err != nil {
+		c.Err = err
+		return
+	}
+
+	if session.UserId != c.Params.UserId {
+		c.SetInvalidUrlParam("user_id")
+		return
+	}
+
+	if err := c.App.RevokeSession(session); err != nil {
 		c.Err = err
 		return
 	}
author	Joram Wilander <jwawilander@gmail.com>	2017-10-04 11:04:17 -0400
committer	GitHub <noreply@github.com>	2017-10-04 11:04:17 -0400
commit	affd35071ea155069979fd359726296de8aa6aaf (patch)
tree	d6810c7a9356ceb3ff5bbb293f1b8756906d1d45 /api4/user.go
parent	3e144f82e29e566b3cf1615c19b4ddc6dc7e4694 (diff)
download	chat-affd35071ea155069979fd359726296de8aa6aaf.tar.gz chat-affd35071ea155069979fd359726296de8aa6aaf.tar.bz2 chat-affd35071ea155069979fd359726296de8aa6aaf.zip